On Tue, Aug 10, 2004 at 04:00:58PM -0700, Bart Simpson wrote:
>>  APR::Base64 and APR::URI look pretty
>> useful too.
> What are some practical uses of APR::Base64?  Encoding
> credit card nums before storing in DB?  Passwords?  

Well, Basic Authentication uses Base64 to encode the username/password
string, so this is probably why it's part of the Apache API.

> describes it as encoder/decoder of strings but leave
> actual uses to the imagination of the programmer.  I'm
> in particular need of encrypting/encoding credit card
> nums before storing them and am curious what this
> module is and is not appropriate for.

First of all, base64 encoding is useless for encrypting data. It is
easy to recognise, and it's easy to decode. It's probably safer to
store the cc-numbers in plain text, but backwards.

Then again, encryption won't do you much good either, if it's
automatically decrypted by a program. If an intruder manages to get
access to your data, he'll probably gain access to your program as
well, which in turn will give him full access to all your encrypted
data.

The best thing is if you can avoid storing the CC-numbers at
all. Where I work, we only store an encrypted key. When the customer
first enters the CC-details, we encrypt the data using our merchant
certificate, and send it to our acquirer, and we get back a key. We
never store the CC number anywhere. The key itself cannot be used to
get back the CC number. But we use this key when we want to charge the
customer. The key is also locked to our account, so they will be
completely useless to an intruder.

-- 
Trond Michelsen

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
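
The point above that base64 is easy to recognise and easy to decode, shown as an added audit script (not part of the original message or of mod_perl): it scans stored fields for base64 runs that decode to a Luhn-valid card number. The row layout, column names and sample values are constructed for illustration; 4111111111111111 is a widely used test number.

```python
import base64
import binascii
import re

# 16+ base64-alphabet characters is enough to hold an encoded 13-digit number.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# 13 to 19 consecutive digits, not part of a longer digit run.
PAN = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                 # ASCII digit -> int
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_encoded_pans(rows):
    """Return (row_id, column) for fields that base64-decode to a card number."""
    hits = []
    for row_id, fields in rows:
        for column, value in fields.items():
            for run in B64_RUN.findall(value):
                try:
                    decoded = base64.b64decode(run, validate=True)
                except (binascii.Error, ValueError):
                    continue        # not valid base64 after all
                if any(luhn_ok(m) for m in PAN.findall(decoded)):
                    hits.append((row_id, column))
                    break
    return hits

# Constructed sample rows (hypothetical schema).
SAMPLE_ROWS = [
    (1, {"name": "Alice Example",
         "card": base64.b64encode(b"4111111111111111").decode()}),
    (2, {"name": "Bob Example",      # decodes to digits that fail Luhn
         "card": base64.b64encode(b"4111111111111112").decode()}),
    (3, {"name": "Carol Example",    # opaque acquirer-style key, no card data
         "card": "tok_9f3c2a7e51d84b06"}),
]

if __name__ == "__main__":
    for row_id, column in find_encoded_pans(SAMPLE_ROWS):
        print(f"row {row_id}: column {column!r} holds a recoverable card number")
```

Only row 1 is flagged: no key or secret is needed to get the number back, which is why encoding does not count as protection for stored card data.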
